// For flags

CVE-2008-2812

kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, esto permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios mediante vectores que contienen referencias a puntero NULO en los punteros a funciones en (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, y (8) wireless/strip.c en drivers/net/.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-06-20 CVE Reserved
  • 2008-07-09 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
References (35)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788 X_refsource_confirm
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10 Broken Link
http://secunia.com/advisories/30982 Broken Link
http://secunia.com/advisories/31048 Broken Link
http://secunia.com/advisories/31202 Broken Link
http://secunia.com/advisories/31229 Broken Link
http://secunia.com/advisories/31341 Broken Link
http://secunia.com/advisories/31551 Broken Link
http://secunia.com/advisories/31614 Broken Link
http://secunia.com/advisories/31685 Broken Link
http://secunia.com/advisories/32103 Broken Link
http://secunia.com/advisories/32370 Broken Link
http://secunia.com/advisories/32759 Broken Link
http://secunia.com/advisories/33201 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm Third Party Advisory
http://www.vupen.com/english/advisories/2008/2063/references Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/43687 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633 Signature
URL Date SRC
URL Date SRC
http://www.debian.org/security/2008/dsa-1630 2023-02-13
http://www.openwall.com/lists/oss-security/2008/07/03/2 2023-02-13
http://www.securityfocus.com/bid/30076 2023-02-13
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0612.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0665.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0973.html 2023-02-13
https://usn.ubuntu.com/637-1 2023-02-13
https://access.redhat.com/security/cve/CVE-2008-2812 2008-12-17
https://bugzilla.redhat.com/show_bug.cgi?id=453419 2008-12-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 2.6.25.10
Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.25.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected
Novell
Search vendor "Novell"
 Linux Desktop
Search vendor "Novell" for product "Linux Desktop"
 9
Search vendor "Novell" for product "Linux Desktop" and version "9"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 10.3
Search vendor "Opensuse" for product "Opensuse" and version "10.3"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 11.0
Search vendor "Opensuse" for product "Opensuse" and version "11.0"
-
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Desktop
Search vendor "Suse" for product "Suse Linux Enterprise Desktop"
 10
Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "10"
sp1
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Desktop
Search vendor "Suse" for product "Suse Linux Enterprise Desktop"
 10
Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "10"
sp2
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Server
Search vendor "Suse" for product "Suse Linux Enterprise Server"
 10
Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "10"
sp1
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Server
Search vendor "Suse" for product "Suse Linux Enterprise Server"
 10
Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "10"
sp2
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Avaya
Search vendor "Avaya"
 Communication Manager
Search vendor "Avaya" for product "Communication Manager"
 >= 3.1
Search vendor "Avaya" for product "Communication Manager" and version " >= 3.1"
-
Affected
Avaya
Search vendor "Avaya"
 Expanded Meet-me Conferencing
Search vendor "Avaya" for product "Expanded Meet-me Conferencing"
*-
Affected
Avaya
Search vendor "Avaya"
 Intuity Audix Lx
Search vendor "Avaya" for product "Intuity Audix Lx"
 2.0
Search vendor "Avaya" for product "Intuity Audix Lx" and version "2.0"
-
Affected
Avaya
Search vendor "Avaya"
 Meeting Exchange
Search vendor "Avaya" for product "Meeting Exchange"
 5.0
Search vendor "Avaya" for product "Meeting Exchange" and version "5.0"
-
Affected
Avaya
Search vendor "Avaya"
 Message Networking
Search vendor "Avaya" for product "Message Networking"
 3.1
Search vendor "Avaya" for product "Message Networking" and version "3.1"
-
Affected
Avaya
Search vendor "Avaya"
 Messaging Storage Server
Search vendor "Avaya" for product "Messaging Storage Server"
 4.0
Search vendor "Avaya" for product "Messaging Storage Server" and version "4.0"
-
Affected
Avaya
Search vendor "Avaya"
 Proactive Contact
Search vendor "Avaya" for product "Proactive Contact"
 4.0
Search vendor "Avaya" for product "Proactive Contact" and version "4.0"
-
Affected
Avaya
Search vendor "Avaya"
 Sip Enablement Services
Search vendor "Avaya" for product "Sip Enablement Services"
--
Affected
Avaya
Search vendor "Avaya"
 Sip Enablement Services
Search vendor "Avaya" for product "Sip Enablement Services"
 4.0
Search vendor "Avaya" for product "Sip Enablement Services" and version "4.0"
-
Affected